Neodyme Unveils 'Follow the Seeds' to Expose Solana’s True TVL Controller

Security firm releases a public database of 104 million Program Derived Addresses, revealing that multisig protocol Squads controls more value than any DeFi aggregator suggests.

/// Executive Intelligence

  • Squads identified as the top protocol by value locked, surpassing Kamino and Jupiter.

  • Neodyme launched a public database tracking 104 million unique PDAs and their derivation seeds.

  • 73% of all Wrapped SOL and 50% of Pump tokens are locked in smart contracts rather than user wallets.

In a move that redefines how institutional investors should analyze on-chain risk, security firm Neodyme has released a comprehensive database of Solana Program Derived Addresses (PDAs), effectively mapping the "dark matter" of the ecosystem's Total Value Locked (TVL). While standard DeFi aggregators track yield-generating protocols, they often miss the underlying custodial infrastructure. Neodyme’s analysis reveals that Squads, a multisig standard often ignored by retail-focused dashboards, actually holds the most value on the network—surpassing high-profile DeFi giants like Kamino and Jupiter.

The discrepancy stems from the technical opacity of PDAs. Unlike standard public keys, PDAs are derived at runtime from a program ID and a set of seeds, and the seeds are not recorded in the ledger, which makes PDAs invisible to traditional scraping methods unless the specific derivation seeds are known. To solve this, Sebastian Fritsch and the Neodyme team patched the Solana validator runtime, leveraging their existing Riverguard security tool, to intercept sol_try_find_program_address syscalls. This allowed them to capture the elusive "seeds" (the inputs used to derive an address) in real time, building a dataset of over 104 million unique addresses that links funds directly to their controlling programs.

The data paints a starkly different picture of the ecosystem's capital structure. Beyond the dominance of Squads, the analysis highlights a massive shift toward programmatic custody: nearly 73% of the entire Wrapped SOL supply and 50% of Pump tokens are locked within smart contracts rather than held in user wallets. This signals a mature, automated ecosystem where capital is increasingly managed by code rather than manual private key signatures.

For institutional allocators, this tool offers a new layer of due diligence. Investors can now bypass frontend interfaces and verify the custodial hierarchy of a vault directly. By querying the database, a user can confirm if a specific token account is owned by a Squads vault, identify the multisig ID, and trace the authority chain back to its source—all without needing access to the project's private source code. This "follow the seeds" approach provides a trustless method to verify that funds are actually controlled by the governance structures promised in marketing decks.
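The check described above can be reproduced offline: given a claimed (program, seeds) record, recompute the PDA and compare it with the address holding the funds. The following is an added example, not Neodyme's code or database schema; the function names, the program ID, the multisig ID and the seed layout are constructed for illustration and are not any real protocol's values.

```python
import hashlib

P = 2**255 - 19                              # ed25519 field prime
D = (-121665 * pow(121666, -1, P)) % P       # Edwards curve constant d
MAX_SEEDS, MAX_SEED_LEN = 16, 32             # Solana runtime seed limits

def is_on_curve(addr):
    """True if the 32 bytes decode to an ed25519 point (a keypair could exist)."""
    y = (int.from_bytes(addr, "little") & ((1 << 255) - 1)) % P
    u, v = (y * y - 1) % P, (D * y * y + 1) % P
    x2 = u * pow(v, -1, P) % P               # x^2 = (y^2 - 1) / (d*y^2 + 1)
    return x2 == 0 or pow(x2, (P - 1) // 2, P) == 1

def create_program_address(seeds, program_id):
    """SHA-256 over seeds, program id and marker; None if the result is on-curve."""
    if len(seeds) > MAX_SEEDS or any(len(s) > MAX_SEED_LEN for s in seeds):
        raise ValueError("seed limits exceeded")
    digest = hashlib.sha256(b"".join(seeds) + program_id + b"ProgramDerivedAddress").digest()
    return None if is_on_curve(digest) else digest

def find_program_address(seeds, program_id):
    """Try bump seeds 255..0 and return the first off-curve address with its bump."""
    for bump in range(255, -1, -1):
        addr = create_program_address(list(seeds) + [bytes([bump])], program_id)
        if addr is not None:
            return addr, bump
    raise ValueError("no valid bump for these seeds")

def verify_seed_record(address, program_id, seeds):
    """Does the claimed (program, seeds) pair really derive this address?"""
    try:
        return find_program_address(seeds, program_id)[0] == address
    except ValueError:
        return False

# Constructed sample data: not a real program id or a real protocol's seed layout.
PROGRAM_ID = hashlib.sha256(b"constructed-multisig-program").digest()
MULTISIG_ID = hashlib.sha256(b"constructed-multisig-account").digest()
SEEDS = [b"multisig", MULTISIG_ID, b"vault", bytes([0])]
VAULT, BUMP = find_program_address(SEEDS, PROGRAM_ID)

if __name__ == "__main__":
    print("vault PDA (hex):", VAULT.hex(), "bump:", BUMP)
    print("record verifies:", verify_seed_record(VAULT, PROGRAM_ID, SEEDS))
    print("wrong vault index:", verify_seed_record(VAULT, PROGRAM_ID, SEEDS[:3] + [bytes([1])]))
```

A record that verifies proves only that the address is derived from those seeds under that program; whether the program's logic enforces the promised governance still has to be checked separately.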

Why This Matters

This is a technical deep dive into how PDAs control Solana funds. It is relevant for developers and security researchers and provides useful insights for smart contract security.